Sample details: 588c09089aca36503e52ba1d4c37731a --

Hashes
MD5: 588c09089aca36503e52ba1d4c37731a
SHA1: abe96f344f30b00d610f5cf0845b58bd4942f602
SHA256: 4032a4f9d36c604e57851a1e6a126b2b0923ad4bcd89acab22e4aed2225fc3cc
SSDEEP: 6144:6rbwKhlButI/wWLCAbFG1F5t/c3Haso9+:Qwyx/wr5qXasow
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 |
Source
http://54.39.239.17/down/Userci515/microsofts32.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
cf* 	fE
Xe* SK
f g8u(Y 
M(Y* }
(#f 8`
 {#ug 
#<'Y g
%aY8W 
Yfe W^
O#ae -s
%a .E!"X 
Yf T)-
h|&Yf 
%"Yf 38
Xe "(_
cf O.*
Xf '2<
ae zT% X
 Ak-2 
'Xfef 
Yfe v-d
L!Xf U
"!$Xfef N
ce ,3u
bf <0-
Xfefeef
(&Xe @
Yef 7H
Xefef 
cefe $
|'aef 9
feefe ~
ae =5D
aee 6T
afef U
af 'O:
Xe #'H"Xa
 zU>y 
"X ^8G
:	Xf e
  )`[ 
Y`	Xe 
Y n:0%Xe 
Xeef }
ae ZbQ
R$Y N;#
o7Def 
 YeY8Q
ae 7.{
Xfe yC/
c1` $iI
 :ag" mag"a(v
 2GR(f 
Y Dx *X8
	X euc
 Y}$6 
 8_%'af
Y &@< XX
%XY` (
%(a* |G
<K'Ye 
ce* `b
efe* :
(af* OcZ
a [_,!Y(
rLe _^D
 	rLe ^^D
 RsLi Y^D
rLe X^D
rLe [^D
rLe Z^D
rLe e^D
rLe d^D
 TsLi g^D
 MsLi f^D
rLe a^D
 8rLe 
 9rLe 
 isLe j^D
 :rLe u^D
 ;rLe t^D
 <rLe q^D
 =rLe p^D
  sLe s^D
 -sLe r^D
 >rLe |^D
 ?rLe 
 0rLe ~^D
 1rLe y^D
 }sLe x^D
 3rLe z^D
 5rLe 
 6rLe 
 psLi 
 7rLe 
 (rLe 
 7sLe 
 )rLe 
 )sLe 
 *rLe 
 +rLe 
 ~sLi 
 ,rLe 
 .rLe 
 /rLe 
  rLe 
 QsLi 
 "rLe 
 #rLe 
 $rLe 
 %rLe 
 &rLe 
 'rLe 
 2sLe 
 IrLe 
 0sLe 
 nrLe 
 `sLi 
 nsLi 
 msLi 
 ksLi 
 usLi 
 ;sLi 
 =sLi 
 vsLi 
 -sLi 
 9sLi 
 ?sLi 
 gsLi 
 )sLi 
 bsLi 
rLe 	]D
 hsLi 
 }sLe 
rLe %]D
rLe $]D
rLe ']D
rLe &]D
rLe  ]D
sLe #]D
rLe -]D
rLe ,]D
rLe /]D
rLe .]D
rLe )]D
 csLi (]D
 dsLi +]D
rLe *]D
sLi 7]D
sLi 6]D
sLi 0]D
sLi 3]D
sLi 2]D
sLi =]D
sLi <]D
sLi ?]D
sLi >]D
sLi 9]D
sLi 8]D
sLi ;]D
sLi E]D
sLi D]D
 8sLi G]D
 :sLi F]D
 <sLi A]D
 >sLi @]D
 0sLi C]D
 2sLi B]D
 4sLi M]D
 6sLi L]D
 (sLi O]D
 *sLi N]D
rLe I]D
sLi H]D
rLe K]D
rLe J]D
rLe U]D
rLe T]D
rLe W]D
rLe V]D
rLe Q]D
sLi P]D
rLe S]D
sLi R]D
 	sLi ]]D
sLi \]D
rLe _]D
rLe ^]D
sLi Y]D
 1sLi X]D
 3sLi []D
 5sLi Z]D
 7sLi e]D
rLe d]D
rLe g]D
rLe f]D
rLe a]D
 XqLe `]D
 YqLe c]D
 ZqLe b]D
 [qLe m]D
 \qLe l]D
rLe o]D
 ]qLe n]D
 ^qLe i]D
sLi h]D
 _qLe k]D
 PqLe j]D
 QqLe u]D
 RqLe t]D
 SqLe w]D
 TqLe v]D
 UqLe q]D
 VqLe p]D
 WqLe s]D
 HqLe r]D
 IqLe |]D
 JqLe 
 LqLe y]D
 +sLi x]D
 MqLe {]D
 NqLe z]D
 frLe 
 OqLe 
 @qLe 
 AqLe 
 BqLe 
s!gyX^
t/X\D]v
_S_5V(
v2.0.50727
#Strings
#Strings
#Schema
Ldc_I4_0
Ldloc_0
Stloc_0
Ldarg_0
Ldc_I4_M1
Ldc_I4_1
Ldloc_1
Stloc_1
Ldarg_1
IEnumerable`1
List`1
user32
microsofts32
ReadUInt32
ReadInt32
ToInt32
Ldloc_2
Stloc_2
Ldarg_2
KeyValuePair`2
IDictionary`2
$STATIC$Button1_Click$20211C128099$Generator2
Ldloc_3
Stloc_3
Ldarg_3
get_WorkingSet64
ReadInt64
ReadProcessMemory64
Ldc_I4
Conv_I4
Ldc_I4_5
ReadUInt16
ReadInt16
get_UTF8
<Module>
PAGE_EXECUTE_READ
PAGE_GUARD
GetHINSTANCE
PAGE_NOCACHE
PAGE_WRITECOMBINE
PAGE_READWRITE
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE
get_ASCII
MEMORY_BASIC_INFORMATION
SYSTEM_INFO
System.IO
InverseQ
TripleDES
PAGE_NOACCESS
Ldloc_S
Stloc_S
Brfalse_S
Ldarg_S
Bne_Un_S
set_IV
NqphTLBwyWRX
PAGE_READONLY
PAGE_WRITECOPY
PAGE_EXECUTE_WRITECOPY
value__
ProjectData
GetData
DecryptData
EncryptData
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
get_IsStatic
get_Id
dwProcessId
GetProcessById
lpNumberOfBytesRead
get_CurrentThread
Form1_Load
add_Load
Interlocked
set_Enabled
get_IsDisposed
Synchronized
NewGuid
DefineField
BindToField
GetField
ReadToEnd
Append
set_IsBackground
DynamicMethod
MakeGenericMethod
InvokeMethod
DefineMethod
CompareMethod
BindToMethod
SelectMethod
GetGetMethod
MasterCard
Replace
set_IsSingleInstance
CreateInstance
GetHashCode
OpCode
SetCode
set_AutoScaleMode
CryptoStreamMode
AuthenticationMode
ShutdownMode
get_Unicode
get_Message
CompareExchange
LockCookie
DynamicInvoke
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
Hashtable
set_Visible
ReadDouble
ToDouble
get_Handle
get_FieldHandle
RuntimeFieldHandle
ResolveFieldHandle
get_MethodHandle
RuntimeMethodHandle
ResolveMethodHandle
get_ModuleHandle
get_TypeHandle
RuntimeTypeHandle
ResolveTypeHandle
GetFieldFromHandle
GetMethodFromHandle
GetTypeFromHandle
bInheritHandle
ReadSingle
DownloadFile
IsVolatile
get_Module
DefineDynamicModule
get_ManifestModule
AppWinStyle
set_ShutdownStyle
set_SizeGripStyle
set_FormBorderStyle
get_ExStyle
set_ExStyle
get_Name
set_Name
get_FullyQualifiedName
set_FileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
GetName
AssemblyName
DateAndTime
DateTime
WriteLine
set_Multiline
get_FieldType
eCreditCardType
ChangeType
DefineType
CreateType
CheckForSyncLockOnValueType
get_IsValueType
MakeByRefType
get_DeclaringType
get_ReturnType
SetReturnType
returnType
get_ParameterType
processorType
GetType
SetLocalSignature
GetSignature
processorArchitecture
culture
MethodBase
WindowsFormsApplicationBase
AllocationBase
ButtonBase
ApplicationSettingsBase
TextBoxBase
HttpWebResponse
GetResponse
Dispose
Reverse
Create
CreateDelegate
MulticastDelegate
EditorBrowsableState
set_WindowState
FormWindowState
GetAsyncKeyState
Delete
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
DesignerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
FileAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
DefaultSettingValueAttribute
ApplicationScopedSettingAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
SuppressIldasmAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
ObfuscationAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
AccessedThroughPropertyAttribute
set_UseShellExecute
get_Minute
ReadSByte
ReadByte
get_Value
WithEventsValue
GetObjectValue
TryGetValue
SetValue
add_ResourceResolve
add_AssemblyResolve
Remove
microsofts32.exe
set_Size
pageSize
get_BlockSize
RegionSize
set_ClientSize
dwSize
get_KeySize
Deserialize
SuppressFinalize
dwsize
SizeOf
StaticLocalInitFlag
System.Threading
UTF8Encoding
get_UseCompatibleTextRendering
FromBase64String
ToBase64String
ReadString
DownloadString
GetResourceString
CompareString
ToString
GetString
Substring
disposing
System.Drawing
BinarySearch
ComputeHash
VerifyHash
get_Length
dwLength
StartsWith
HextoAscii
Newobj
AsyncCallback
callback
add_Tick
remove_Tick
add_Click
remove_Click
AcquireReaderLock
ReleaseReaderLock
DowngradeFromWriterLock
UpgradeToWriterLock
ReaderWriterLock
FlushFinalBlock
get_DayOfWeek
activeProcessorMask
DeclareLocal
Marshal
set_Interval
DefineLabel
MarkLabel
System.ComponentModel
processorLevel
kernel32.dll
wow64ext.dll
ContainerControl
ObjectFlowControl
GetManifestResourceStream
get_BaseStream
GetResponseStream
CryptoStream
MemoryStream
get_Item
set_Item
get_FileSystem
SymmetricAlgorithm
HashAlgorithm
Random
set_MainForm
OnCreateMainForm
ICryptoTransform
AllocationProtectEnum
ReadBoolean
ToBoolean
lpNumberOfBytesWritten
System.ComponentModel.Design
AppDomain
get_CurrentDomain
SeekOrigin
set_ShowIcon
processorRevision
set_Version
Conversion
Application
set_Location
System.Configuration
System.Globalization
IncompleteInitialization
Interaction
System.Reflection
ICollection
ControlCollection
ManagementObjectCollection
get_IsGenericMethodDefinition
get_Position
set_Position
set_StartPosition
FormStartPosition
CallingConvention
NotSupportedException
TargetInvocationException
InvalidOperationException
get_InnerException
ArgumentException
InvalidCastException
StringComparison
Button
add_Shutdown
CompareTo
GetDynamicILInfo
get_Info
FieldInfo
MethodInfo
CultureInfo
GetSystemInfo
MemberInfo
ParameterInfo
ComputerInfo
ConstructorInfo
get_StartInfo
ProcessStartInfo
PropertyInfo
get_Temp
EndApp
set_ShowInTaskbar
InvokeMember
CheckCardNumber
IsNumber
StreamReader
BinaryReader
SHA1CryptoServiceProvider
RSACryptoServiceProvider
TripleDESCryptoServiceProvider
FieldBuilder
MethodBuilder
ModuleBuilder
TypeBuilder
StringBuilder
LocalBuilder
ParameterBuilder
ConstructorBuilder
AssemblyBuilder
sender
Binder
lpBuffer
buffer
ResourceManager
ToInteger
ManagementObjectSearcher
ParameterModifier
ResolveEventHandler
ShutdownEventHandler
System.CodeDom.Compiler
IContainer
SignatureHelper
GetMethodSigHelper
GetLocalVarSigHelper
DefineParameter
StreamWriter
TextWriter
BinaryWriter
writer
GetDelegateForFunctionPointer
BinaryFormatter
ServerComputer
Discover
ToLower
GetTokenFor
set_UseVisualStyleBackColor
CreateProjectError
ClearProjectError
SetProjectError
GetLastError
IEnumerator
ManagementObjectEnumerator
GetEnumerator
$STATIC$Button1_Click$20211C128099$Generator
GetILGenerator
Activator
.cctor
DefineConstructor
GetConstructor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
inputstr
bindingAttr
SetAttr
get_Hour
System.Diagnostics
GetMethods
Simple3Des
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
System.Resources
microsofts.My.Resources
OpCodes
DebuggingModes
get_SpecialDirectories
get_ProgramFiles
GetModules
set_EnableVisualStyles
get_Lines
set_Lines
GetProcesses
FieldAttributes
MethodAttributes
FileAttributes
TypeAttributes
MethodImplAttributes
ParameterAttributes
SetAttributes
GetBytes
get_Values
indexes
BindingFlags
SetImplementationFlags
Strings
MySettings
ResolveEventArgs
set_InitLocals
ReferenceEquals
get_Controls
get_CreateParams
System.Windows.Forms
Contains
set_AutoScaleDimensions
Conversions
System.Collections
CallingConventions
SetExceptions
Outros
get_Chars
modifiers
RuntimeHelpers
RSAParameters
GetParameters
SetParameters
ImportParameters
GetIndexParameters
numberOfProcessors
Operators
dwDesiredAccess
AssemblyBuilderAccess
hProcess
OpenProcess
GetCurrentProcess
GetProcAddress
lpBaseAddress
minimumApplicationAddress
maximumApplicationAddress
lpAddress
microsofts
GetGenericArguments
DoEvents
Exists
Modulus
RemoveAt
Concat
Format
ManagementBaseObject
ManagementObject
object
AllocationProtect
System.Net
Is64Bit
op_Explicit
System.Reflection.Emit
$STATIC$Button1_Click$20211C128099$Generator2$Init
$STATIC$Button1_Click$20211C128099$Generator$Init
get_SaveMySettingsOnExit
set_SaveMySettingsOnExit
SetCompatibleTextRenderingDefault
IAsyncResult
result
WebClient
System.Management
Environment
AddArgument
Component
Exponent
get_Current
isDebuggerPresent
get_Count
ParameterizedThreadStart
Convert
Callvirt
FailFast
HttpWebRequest
ArrayList
get_vshost
SuspendLayout
ResumeLayout
PerformLayout
MoveNext
System.Text
get_Text
set_Text
ReadAllText
encryptedtext
plaintext
get_Now
VirtualQueryEx
set_TabIndex
set_MinimizeBox
set_MaximizeBox
set_ControlBox
TextBox
microsofts.My
get_TimeOfDay
get_Today
ToArray
ToCharArray
ReorderArgumentArray
CopyArray
get_Key
set_Key
GetPublicKey
ContainsKey
System.Security.Cryptography
get_Assembly
DefineDynamicAssembly
GetExecutingAssembly
get_IsAssembly
BlockCopy
System.Runtime.Serialization.Formatters.Binary
LoadLibrary
ObjectQuery
ReadProcessMemory
WriteProcessMemory
Directory
set_Opacity
set_Capacity
op_Equality
op_Inequality
allocationGranularity
IsNullOrEmpty
SelectProperty
GetProperty
FileSystemProxy
SpecialDirectoriesProxy
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.Forms
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
15.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
15.9.0.0
My.Settings
						
Feature	dead codeT
Exclude
StripAfterObfuscation
WrapNonExceptionThrows
microsofts.exe
Copyright 
  2019
$F1677B21-6F71-47C2-BECF-578DD6BA3AFC
1.6.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!-- UAC Manifest Options
            If you want to change the Windows User Account Control level replace the 
            requestedExecutionLevel node with one of the following.
        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />
            Specifying requestedExecutionLevel node will disable file and registry virtualization.
            If you want to utilize File and Registry Virtualization for backward 
            compatibility then delete the requestedExecutionLevel node.
        -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
      <applicationRequestMinimum>
        <defaultAssemblyRequest permissionSetReference="Custom" />
        <PermissionSet Unrestricted="true" ID="Custom" SameSite="site" />
      </applicationRequestMinimum>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- A list of all Windows versions that this application is designed to work with. 
      Windows will automatically select the most compatible environment.-->
      <!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node-->
      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>-->
      <!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->
      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>-->
      <!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node-->
      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>-->
      <!-- If your application is designed to work with Windows 8.1, uncomment the following supportedOS node-->
      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>-->
    </application>
  </compatibility>
  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
  <!-- <dependency>
    <dependentAssembly>
      <assemblyIdentity
          type="win32"
          name="Microsoft.Windows.Common-Controls"
          version="6.0.0.0"
          processorArchitecture="*"
          publicKeyToken="6595b64144ccf1df"
          language="*"
        />
    </dependentAssembly>
  </dependency>-->
</asmv1:assembly>